It is not just North Korea, the cyber warriors are also in Ukraine, China, Syria, Russian and Iran. America has some defenses, but normal users and the business industry has few robust and intolerant choices against cyber attacks.
We need to challenge Congress to declare cyber attacks as an act of war given the heavy costs to theft, risk and attacks on harden targets including the power grid systems, transportation, food, banks, water, yet most of all intelligence and military secrets.
The most recent attack on Sony intranet system is pointing to North Korea as having the cyber-soldiers and that brigade is called Unit 121.
The North Korean military created a new unit that focuses solely on cyber warfare. The unit, dubbed Unit 121, was first created in 1998 and has steadily grown in size and capability since then. Interest in establishing cyber war forces shouldn’t come as a surprise to anyone, but North Koreas intense effort stands out among the top ten nations developing cyber weapons.
Unit 121 Capabilities Assessment:
Force Size: Originally 1,000 — Current Estimate:17,000
Budget: Total military budget $6 billion USD. Cyber Budget $70+ million. North Koreas military budget is estimated to be the 25th largest in the world.
Goal: To increase their military standing by advancing their asymmetric and cyber warfare.
Ambition: To dominate their enemys information infrastructure, create social unrest and inflict monetary damage.
Strategy: Integrate their cyber forces into an overall battle strategy as part of a combined arms campaign. Additionally they wish to use cyber weapons as a limited non-war time method to project their power and influence.
Experience: Hacked into the South Korea and caused substantial damage; hacked into the U.S. Defense Department Systems.
Threat Rating: North Korea is ranked 8th on the Spy-Ops cyber capabilities threat matrix developed in August of 2007.
Capabilities
Cyber Intelligence/Espionage: Basic to moderately advanced
weapons with significant ongoing development into cyber intelligence.
Offensive Cyber Weapons: Moderately advanced distributed
denial of service (DDoS) capabilities with moderate virus and malicious code capabilities.
North Korea now has the technical capability to construct and deploy an array of cyber weapons as well as battery-driven EMP (electro magnetic pulse) devices that could disrupt electronics and computers at a limited range.
In the late spring of 2007, North Korea conducted another test of one of the cyber weapons in their current arsenal. In October, the North Koreans tested its first logic bomb. A logic bomb is a computer program that contains a piece of malicious code that is designed to execute or be triggered should certain events occur or at a predetermined point of time. Once triggered, the logic bomb can take the computer down, delete data of trigger a denial of service attack by generating bogus transactions.
For example, a programmer might write some software for his employer that includes a logic bomb to disable the software if his contract is terminated.
The N Korean test led to a UN Security Council resolution banning sales of mainframe computers and laptop PCs to the East Asian nation. The action of the United Nations has had little impact and has not deterred the North Korean military for continuing their cyber weapons development program.
Keeping dangerous cyber weapons out of the hands of terrorists or outlaw regimes is next to impossible. As far back as 2002, White House technology adviser Richard Clarke told a congressional panel that North Korea, Iraq and Iran were training people for internet warfare. Most information security experts believe that it is just a matter of time before the world sees a significant cyber attack targeted at one specific country. Many suggest the danger posed by cyber weapons rank along side of nuclear weapons, but without the physical damage. The signs are there. We need to take action and prepare for the impact of a cyber war.
North Korea’s Elite Hackers Who Live Like Stars In Luxury Hotel
Unit 121 is known to have two distinct functions: to carry out disruptive attacks against systems primarily in the United States and South Korea, both for purposes of sabotage and intelligence gathering, and to defend North Korea from incoming cyber attacks.
North Korea, however, has very little internet infrastructure, which analysts say actually gives the country an advantage. While North Korea can launch massive attacks against the West — the Sony attack being just the latest — outside nations can do little to damage North Korea’s own internal digital systems because they largely don’t exist.
Inside North Korea, use of the internet is strictly limited to government approved personnel. Ordinary citizens may utilize only an intranet run by Kim Jong Un regime, which allows access to government approved sites and state-operated media, but no access to what the rest of the world knows as the internet and the World Wide Web.
Instead, according to a report prepared in 2009 by a U.S. military intelligence analyst, Steve Sin, the Unit 121 hackers operate mostly from the luxurious Chilbosan in Shenyang, China, pictured below, a facility with amenities that would be unknown to all but the top level government elites inside North Korea, an impoverished country racked by famine.
The hotel is located in a military-controlled region of China just three hours from the border with North Korea. The central headquarters of Unit 121 is located in Pyongyang, in a district called Moonshin-dong, near the Taedong River
In fact, by North Korean standards, the cyber hackers of Unit 121 (also referred to as “Bureau 121″) are treated like superstars, afforded high-class lifestyles inconceivable to the vast majority of North Korean citizens.
In addition to Sin’s report, the Hewlett-Packard corporation conducted its own investigation into the threat posed by Unit 121 — which was created in 1998 and operates with a budget of more than $6 billion. Much of the information known about the highly-secretive unit comes from those reports, and from North Korean defectors who have passed information to U.S. and South Korean intelligence.
According to those accounts, the hackers who comprise the unit are the cream of North Korea’s academic crop in math and computer science, hand-picked from high schools around the country, who are then sent to study at Keumseong, the top high school in the North Korea capital of Pyongyang.
From there, the candidates who pass a rigorous series of tests and trials are sent to study at top universities — and then sent to Russia and China for an additional year of specialized training in computer hacking and cyberwar techniques.
Unit 121 is believed responsible for an attack on 30,000 computers inside South Korean banks and media companies in 2013, an attack that security experts say bore strong similarities to the Sony hack.
Against South Korea, North Korea allegedly has already carried out a series of disruptive and destructive operations in the past few years. Discounting previous distributed denial-of-service (DDoS) attacks on websites, the first major cyber-attack attributed to North Korea was on April 12, 2011, which paralyzed online banking and credit card services of Nonghyup Agricultural Bank for its 30 million customers. This is the first instance where North Korea used a disc wiping tool. While its ATMs were fixed within a couple days, some of the online services had taken more than two weeks to return to normal operating status, with 273 out of 587 servers destroyed. The second incident occurred in March 20, 2013, which used similar but improved tactics from April 2011. It was timed to simultaneously target multiple banks and broadcasting agencies with disc wiping tools and was preceded by an extensive advanced persistent threat campaign. The scale of the March 20 attack demonstrated that North Korea has at least one dedicated, permanent cyber unit directed against carefully selected targets and that they have the means to penetrate, exploit, and disrupt target systems and networks with sufficient secrecy.
